++doc update

content/u/blog/nftables-block-dhcp-and-router-advertisements/contents.lr

@@ -26,7 +26,8 @@ customer abusing another customer.
 ## The problem
 
 The virtual machines in our next generation uncloud hosting will be
-using standard DHCP and IPv6 address assignments and not the
+using standard DHCP and IPv6 address assignments. Currently
+we are still using the
 [OpenNebula](https://github.com/OpenNebula/addon-context-linux)
 contextualisation scripts that read the networking information from an
 attached ISO.
@@ -44,6 +45,8 @@ retrieve more information from a metadata server. So the main
 protection that is required is preventing to trick other customers
 into using a wrong IP address or route.
 
+Also, if the network is IPv6 only, another customer should not be able
+to trick someone else into using IPv4.
 
 ## Fixing it
 
@@ -56,8 +59,6 @@ table bridge filter {
     chain prerouting {
         type filter hook prerouting priority 0;
         policy accept;
-
-
     }
 ```
 
@@ -65,14 +66,15 @@ Next we create a chain to drop the packets we dislike:
 
 ```
     chain drop_ra_dhcp {
-        # Default blocks: router advertisements, dhcpv6, dhcpv4
+        # Blocks: router advertisements, dhcpv6, dhcpv4
         icmpv6 type nd-router-advert drop
         ip6 version 6 udp sport 547 drop
         ip  version 4 udp sport 67 drop
     }
 ```
 
-Now the only thing left is to correctly classify the traffic:
+Now the only thing left is to correctly classify the traffic. For this
+lets take some real world assumptions:
 
 * Let's assume the bridge is named **br100**
 * Let's assume the upstream interface that should allow RA/DHCP is